From owner-freebsd-arch@FreeBSD.ORG  Tue Dec 30 20:56:59 2014
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F273FE86
 for <freebsd-arch@freebsd.org>; Tue, 30 Dec 2014 20:56:58 +0000 (UTC)
Received: from na01-by2-obe.outbound.protection.outlook.com
 (mail-by2on0139.outbound.protection.outlook.com [207.46.100.139])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "MSIT Machine Auth CA 2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A870824EB
 for <freebsd-arch@freebsd.org>; Tue, 30 Dec 2014 20:56:57 +0000 (UTC)
Received: from CO2PR05CA011.namprd05.prod.outlook.com (10.141.241.139) by
 DM2PR05MB445.namprd05.prod.outlook.com (10.141.104.154) with Microsoft SMTP
 Server (TLS) id 15.1.49.12; Tue, 30 Dec 2014 20:22:34 +0000
Received: from BN1AFFO11FD038.protection.gbl (2a01:111:f400:7c10::193) by
 CO2PR05CA011.outlook.office365.com (2a01:111:e400:1429::11) with Microsoft
 SMTP Server (TLS) id 15.1.49.12 via Frontend Transport; Tue, 30 Dec 2014
 20:22:33 +0000
Received: from P-EMF02-SAC.jnpr.net (66.129.239.16) by
 BN1AFFO11FD038.mail.protection.outlook.com (10.58.52.242) with Microsoft SMTP
 Server (TLS) id 15.1.49.13 via Frontend Transport; Tue, 30 Dec 2014 20:22:33
 +0000
Received: from magenta.juniper.net (172.17.27.123) by P-EMF02-SAC.jnpr.net
 (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.146.0; Tue, 30 Dec
 2014 12:22:13 -0800
Received: from chaos.jnpr.net (chaos.jnpr.net [172.21.16.28])	by
 magenta.juniper.net (8.11.3/8.11.3) with ESMTP id sBUKMCW19513;	Tue, 30 Dec
 2014 12:22:12 -0800 (PST)	(envelope-from sjg@juniper.net)
Received: from chaos (localhost [127.0.0.1])	by chaos.jnpr.net (Postfix) with
 ESMTP id AB452580A3;	Tue, 30 Dec 2014 12:22:12 -0800 (PST)
To: Shawn Webb <lattera@gmail.com>
Subject: Re: Disabling ptrace
In-Reply-To: <3368390.qHnOScdmzK@shawnwebb-laptop>
References: <20141230111941.GE42409@kib.kiev.ua>
 <20141230140709.GA96469@stack.nl> <3368390.qHnOScdmzK@shawnwebb-laptop>
Comments: In-reply-to: Shawn Webb <lattera@gmail.com>
 message dated "Tue, 30 Dec 2014 10:38:56 -0500."
From: "Simon J. Gerraty" <sjg@juniper.net>
X-Mailer: MH-E 8.0.3; nmh 1.3; GNU Emacs 22.3.1
Date: Tue, 30 Dec 2014 12:22:12 -0800
Message-ID: <29058.1419970932@chaos>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
 juniper.net discourages use of 66.129.239.16 as permitted sender)
Authentication-Results: spf=softfail (sender IP is 66.129.239.16)
 smtp.mailfrom=sjg@juniper.net; 
X-Forefront-Antispam-Report: CIP:66.129.239.16; CTRY:US; IPV:NLI; EFV:NLI;
 SFV:NSPM;
 SFS:(10019020)(6009001)(24454002)(189002)(199003)(2950100001)(47776003)(99396003)(89996001)(221733001)(21056001)(77156002)(62966003)(105596002)(92566001)(106466001)(107046002)(68736005)(77096005)(31966008)(64706001)(81156004)(50466002)(48376002)(46102003)(33716001)(97736003)(6806004)(1411001)(19580395003)(84676001)(50226001)(76506005)(76176999)(19580405001)(110136001)(50986999)(120916001)(87936001)(4396001)(86362001)(117636001)(57986006)(20776003)(69596002)(62816006)(42262002);
 DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR05MB445; H:P-EMF02-SAC.jnpr.net; FPR:;
 SPF:SoftFail; MLV:sfv; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; 
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR05MB445;
X-Forefront-PRVS: 04410E544A
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Dec 2014 20:22:33.0281 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.16]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR05MB445
Cc: Konstantin Belousov <kostikbel@gmail.com>,
 Jilles Tjoelker <jilles@stack.nl>, freebsd-arch@freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Dec 2014 20:56:59 -0000

Shawn Webb <lattera@gmail.com> wrote:
> I'm curious what the use case was that brought this up. And why the requester 
> thinks it's actually useful.

Being able to disable ptrace is useful - provided it cannot be bypassed.
In Junos we leveraged the signed binary implementation (based on NetBSD's
verified exec) to tag processes for which ptrace should fail.  The
signed binary stuff also supposed to prevent games with LD_PRELOAD -
assuming we didn't provide and sign the lib in question.

When we re-implemented veriexec as a MAC module, the above was left out,
in anticipation of using a separate module (though perhaps still
leveraging veriexec to set the labels).